Interpol virus - computer is locked

Hello everyone!
I have the same problem as Mauli. Suddenly the Interpol window appeared and could no longer be closed; it is supposed to disappear only once I transfer a pile of money. I have already done the first steps as described in his post, i.e. the system scan and also frst.exe, but what do I do next?
Thanks in advance for the help!
Regards, yilli

Here is my frst.exe:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by SYSTEM on MININT-A89QQ05 on 17-01-2014 14:42:57
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-06-10] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Reinicke\...\Run: [Steam] - C:\Spiele\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-25] (NVIDIA Corporation)
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-20] (Adobe Systems)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1833776 2013-12-29] ()
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-04-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-05] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-17] ()
S3 ALSysIO; \??\C:\Users\Reinicke\AppData\Local\Temp\ALSysIO64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-17 14:36 - 2014-01-17 14:36 - 00000000 ____D C:\FRST
2014-01-17 11:47 - 2014-01-17 11:47 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-16 11:15 - 2014-01-16 11:15 - 07115203 _____ C:\Users\Reinicke\Downloads\1219090(1).zip
2014-01-16 11:15 - 2014-01-16 11:15 - 05412422 _____ C:\Users\Reinicke\Downloads\1180690.zip
2014-01-16 11:05 - 2014-01-16 11:06 - 10678963 _____ C:\Users\Reinicke\Downloads\1223481(1).zip
2014-01-16 11:05 - 2014-01-16 11:06 - 08484100 _____ C:\Users\Reinicke\Downloads\1217103(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 07009213 _____ C:\Users\Reinicke\Downloads\1216206(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 06358058 _____ C:\Users\Reinicke\Downloads\1215805(1).zip
2014-01-15 09:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-01-15 09:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-01-15 09:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-10 19:21 - 2014-01-10 19:26 - 263583224 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-5005-HOTFIX4-WIN64.exe
2014-01-10 19:09 - 2014-01-10 19:09 - 00001276 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2014-01-10 19:09 - 2014-01-10 19:09 - 00001101 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2014-01-10 19:07 - 2014-01-11 10:04 - 00000000 ____D C:\Program Files (x86)\ArchiCAD17
2014-01-10 18:48 - 2014-01-10 19:04 - 889819512 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-GER64(2).exe
2014-01-05 10:12 - 2014-01-05 10:12 - 00002320 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-01-05 10:11 - 2014-01-05 10:11 - 00000000 ____D C:\Users\Reinicke\Documents\My Games
2014-01-05 10:09 - 2014-01-05 10:10 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Reinicke\Downloads\ffxivsetup.exe
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\System32\ljkb
2013-12-20 22:28 - 2013-12-20 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 14:39 - 2013-02-08 18:51 - 01998361 _____ C:\Windows\WindowsUpdate.log
2014-01-17 14:36 - 2014-01-17 14:36 - 00000000 ____D C:\FRST
2014-01-17 14:35 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\System32\perfh007.dat
2014-01-17 14:35 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\System32\perfc007.dat
2014-01-17 14:35 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-17 14:28 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:28 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:13 - 2013-11-24 22:03 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 14:00 - 2013-02-12 17:11 - 00000000 ____D C:\Users\Reinicke\AppData\Local\Deployment
2014-01-17 13:46 - 2013-02-11 19:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 11:47 - 2014-01-17 11:47 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-17 11:47 - 2013-07-11 08:38 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-01-17 11:46 - 2013-11-24 22:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 11:46 - 2013-02-07 19:13 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-17 11:46 - 2013-02-07 18:59 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-17 11:46 - 2010-11-21 04:47 - 00397262 _____ C:\Windows\PFRO.log
2014-01-17 11:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 11:46 - 2009-07-14 05:51 - 00075191 _____ C:\Windows\setupact.log
2014-01-16 16:16 - 2013-02-07 18:59 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-01-16 11:15 - 2014-01-16 11:15 - 07115203 _____ C:\Users\Reinicke\Downloads\1219090(1).zip
2014-01-16 11:15 - 2014-01-16 11:15 - 05412422 _____ C:\Users\Reinicke\Downloads\1180690.zip
2014-01-16 11:06 - 2014-01-16 11:05 - 10678963 _____ C:\Users\Reinicke\Downloads\1223481(1).zip
2014-01-16 11:06 - 2014-01-16 11:05 - 08484100 _____ C:\Users\Reinicke\Downloads\1217103(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 07009213 _____ C:\Users\Reinicke\Downloads\1216206(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 06358058 _____ C:\Users\Reinicke\Downloads\1215805(1).zip
2014-01-15 18:13 - 2009-07-14 05:45 - 00294880 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-15 13:13 - 2013-08-14 10:37 - 00000000 ____D C:\Windows\System32\MRT
2014-01-15 13:12 - 2013-02-14 05:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-15 12:33 - 2013-03-22 00:21 - 00000000 ____D C:\Users\Reinicke\AppData\Local\CrashDumps
2014-01-15 10:35 - 2013-09-23 20:55 - 00000000 ____D C:\Users\Reinicke\Documents\BIMx
2014-01-15 10:35 - 2013-09-23 20:54 - 00000000 ____D C:\Users\Reinicke\Graphisoft
2014-01-11 10:04 - 2014-01-10 19:07 - 00000000 ____D C:\Program Files (x86)\ArchiCAD17
2014-01-10 19:27 - 2013-09-23 20:49 - 00007435 _____ C:\Windows\vpd.properties
2014-01-10 19:26 - 2014-01-10 19:21 - 263583224 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-5005-HOTFIX4-WIN64.exe
2014-01-10 19:26 - 2013-09-23 20:44 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\Install.GS
2014-01-10 19:21 - 2013-09-23 20:54 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\Graphisoft
2014-01-10 19:09 - 2014-01-10 19:09 - 00001276 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2014-01-10 19:09 - 2014-01-10 19:09 - 00001101 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2014-01-10 19:09 - 2013-09-23 20:44 - 00000000 ____D C:\Program Files (x86)\ArchiCAD
2014-01-10 19:04 - 2014-01-10 18:48 - 889819512 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-GER64(2).exe
2014-01-05 18:21 - 2013-02-12 16:21 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\TS3Client
2014-01-05 10:12 - 2014-01-05 10:12 - 00002320 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-01-05 10:12 - 2013-02-11 19:20 - 00000000 ____D C:\Spiele
2014-01-05 10:12 - 2013-02-07 18:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-05 10:11 - 2014-01-05 10:11 - 00000000 ____D C:\Users\Reinicke\Documents\My Games
2014-01-05 10:10 - 2014-01-05 10:09 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Reinicke\Downloads\ffxivsetup.exe
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\System32\ljkb
2014-01-04 10:19 - 2013-05-09 11:35 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2014-01-04 10:19 - 2013-05-09 11:35 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2014-01-03 10:17 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-29 11:12 - 2013-05-09 11:35 - 01833776 _____ C:\Windows\System32\dmwu.exe
2013-12-29 11:08 - 2013-05-09 11:35 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-12-27 22:48 - 2013-02-11 19:36 - 00000000 ____D C:\Users\Reinicke\Documents\Musik
2013-12-26 18:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-25 09:03 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-12-25 09:03 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2013-12-21 21:46 - 2013-02-11 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 22:28 - 2013-12-20 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 19:32 - 2013-05-07 09:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-18 19:32 - 2013-03-28 19:30 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-18 19:32 - 2013-03-28 19:30 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

Some content of TEMP:

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-07 21:31:27
Restore point made on: 2014-01-15 09:58:00
Restore point made on: 2014-01-15 13:12:37
Restore point made on: 2014-01-17 14:05:01
Restore point made on: 2014-01-17 14:38:06

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8076.88 MB
Available physical RAM: 7271.33 MB
Total Pagefile: 8075.08 MB
Available Pagefile: 7269.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:694.05 GB) NTFS
Drive e: (Sims3EP10) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF
Drive f: (FH DORTMUND) (Removable) (Total:3.8 GB) (Free:3.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 526C69FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

LastRegBack: 2014-01-15 10:14

==================== End Of Log ============================
--- --- ---

/// the machine
/// TB-Ausbilder



How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Please run the FRST scan again, and please uncheck all the boxes under Whitelist.



OK, here is the FRST scan again, this time without the boxes checked

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by SYSTEM on MININT-F5L31H8 on 17-01-2014 16:21:16
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (All) ===========================

HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [170304 2012-05-24] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [398656 2012-05-24] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [440128 2012-05-24] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-06-10] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-21] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Reinicke\...\Run: [Steam] - C:\Spiele\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-25] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File

==================== Services (All) ========================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-20] (Adobe Systems)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432 2013-12-21] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-10] (Adobe Systems Incorporated)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-14] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-18] (Microsoft Corporation)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-21] (Microsoft Corporation)
S2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-21] (Microsoft Corporation)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-21] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation)
S2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-21] (Microsoft Corporation)
S2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-21] (Microsoft Corporation)
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation)
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276288 2012-05-24] (Intel Corporation)
S2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation)
S2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-21] (Microsoft Corporation)
S2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-21] (Microsoft Corporation)
S2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-21] (Microsoft Corporation)
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-21] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation)
S2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-21] (Microsoft Corporation)
S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation)
S2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-21] (Microsoft Corporation)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-21] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-11-24] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648 2013-11-24] (Google Inc.)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-21] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-21] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-21] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13632 2012-05-30] (Intel Corporation)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1833776 2013-12-29] ()
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-21] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2013-11-26] (Microsoft Corporation)
S3 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [628448 2012-02-02] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation)
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 KeyIso; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation)
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-21] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-21] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation)
S2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784 2012-02-28] (Intel Corporation)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-21] (Microsoft Corporation)
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-12-20] (Mozilla Foundation)
S2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-21] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-21] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-21] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
S2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation)
S2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation)
S2 nvsvc; C:\Windows\system32\nvvsvc.exe [884512 2013-01-18] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1259880 2012-12-03] (NVIDIA Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation)
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-14] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-21] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation)
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-21] (Microsoft Corporation)
S2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-21] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-21] (Microsoft Corporation)
S2 SamSs; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-21] (Microsoft Corporation)
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-21] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-21] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-21] (Microsoft Corporation)
S2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation)
S2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-21] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-21] (Microsoft Corporation)
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation)
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-21] (Microsoft Corporation)
S2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-21] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
S2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [569768 2014-01-07] (Valve Corporation)
S2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264 2013-01-18] (NVIDIA Corporation)
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-21] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation)
S2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-21] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-21] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-21] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-21] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-21] (Microsoft Corporation)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation)
S2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-21] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800 2012-02-28] (Intel Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation)
S2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-21] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-21] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-21] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-21] (Microsoft Corporation)
S2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-21] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-21] (Microsoft Corporation)
S2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-04] (Microsoft Corporation)
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2428952 2012-06-02] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [230400 2013-03-19] (Microsoft Corporation)

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-21] (Microsoft Corporation)
S0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-21] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [491088 2009-07-14] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\drivers\adpahci.sys [339536 2009-07-14] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\drivers\adpu320.sys [182864 2009-07-14] (Adaptec, Inc.)
S1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-14] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-14] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-14] (Microsoft Corporation)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] (Microsoft Corporation)
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-03-11] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\drivers\amdsbs.sys [194128 2009-07-14] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-21] (Microsoft Corporation)
S3 arc; C:\Windows\system32\drivers\arc.sys [87632 2009-07-14] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\drivers\arcsas.sys [97856 2009-07-14] (Adaptec, Inc.)
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation)
S0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-04-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation)
S1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation)
S1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-21] (Microsoft Corporation)
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] (Microsoft Corporation)
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] (CMD Technology, Inc.)
S0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] (Microsoft Corporation)
S3 Compbatt; C:\Windows\system32\drivers\compbatt.sys [21584 2009-07-14] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-21] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\drivers\crcdisk.sys [24144 2009-07-14] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-21] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation)
S0 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation)
S3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 elxstor; C:\Windows\system32\drivers\elxstor.sys [530496 2009-07-14] (Emulex)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] (Microsoft Corporation)
S0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] (Microsoft Corporation)
S0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
S0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [65088 2009-07-14] (Microsoft Corporation)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-21] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-21] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-21] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-21] (Hewlett-Packard Company)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-21] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
S3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation)
S0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [569152 2012-05-30] (Intel Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] (Intel Corporation)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [14759520 2012-05-21] (Intel Corporation)
S3 iirsp; C:\Windows\system32\drivers\iirsp.sys [44112 2009-07-14] (Intel Corp./ICP vortex GmbH)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2957544 2011-10-18] (Realtek Semiconductor Corp.)
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-05] (Intel(R) Corporation)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] (Microsoft Corporation)
S3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-21] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-21] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-21] (Microsoft Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16152 2012-02-26] (Intel Corporation)
S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [356120 2012-02-26] (Intel Corporation)
S3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [788760 2012-02-26] (Intel Corporation)
S3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] (Microsoft Corporation)
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-21] (Microsoft Corporation)
S0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2013-09-25] (Microsoft Corporation)
S0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154560 2013-09-25] (Microsoft Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation)
S3 LHidFilt; C:\Windows\System32\DRIVERS\LHidFilt.Sys [55312 2009-06-17] (Logitech, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-05] ()
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation)
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [57872 2009-06-17] (Logitech, Inc.)
S3 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [114752 2009-07-14] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [106560 2009-07-14] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\drivers\lsi_sas2.sys [65600 2009-07-14] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [115776 2009-07-14] (LSI Corporation)
S2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation)
S3 MBfilt; C:\Windows\System32\drivers\MBfilt64.sys [32344 2009-11-18] (Creative Technology Ltd.)
S3 megasas; C:\Windows\system32\drivers\megasas.sys [35392 2009-07-14] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-14] (LSI Corporation, Inc.)
S3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [60184 2011-11-10] (Intel Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation)
S3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation)
S0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-21] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] (Microsoft Corporation)
S0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation)
S0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] (Microsoft Corporation)
S1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-14] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation)
S0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation)
S0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] (Microsoft Corporation)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] (Microsoft Corporation)
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] (IBM Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation)
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] (Microsoft Corporation)
S1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [189288 2012-07-03] (NVIDIA Corporation)
S3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11036448 2013-02-25] (NVIDIA Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] (Microsoft Corporation)
S0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
S0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] (Microsoft Corporation)
S0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] (Microsoft Corporation)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation)
S3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] (Microsoft Corporation)
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] (Microsoft Corporation)
S0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [565352 2011-08-23] (Realtek                                            )
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] (Microsoft Corporation)
S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-14] (Microsoft Corporation)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] (Silicon Integrated Systems)
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation)
S0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] (Microsoft Corporation)
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] (Promise Technology)
S3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-14] (Microsoft Corporation)
S0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2013-09-08] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] (Microsoft Corporation)
S1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] (Microsoft Corporation)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] (Microsoft Corporation)
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation)
S3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] (Microsoft Corporation)
S3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] (Microsoft Corporation)
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-14] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation)
S0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation)
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] (VIA Technologies, Inc.)
S0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
S0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
S0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] (VIA Technologies Inc.,Ltd)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] (Microsoft Corporation)
S0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] (Microsoft Corporation)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
S3 Winsock; No ImagePath
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] (Microsoft Corporation)
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-17] ()
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Reinicke\AppData\Local\Temp\ALSysIO64.sys [x]
S5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-17 14:49 - 2014-01-17 16:19 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-17 14:36 - 2014-01-17 14:36 - 00000000 ____D C:\FRST
2014-01-16 11:15 - 2014-01-16 11:15 - 07115203 _____ C:\Users\Reinicke\Downloads\1219090(1).zip
2014-01-16 11:15 - 2014-01-16 11:15 - 05412422 _____ C:\Users\Reinicke\Downloads\1180690.zip
2014-01-16 11:05 - 2014-01-16 11:06 - 10678963 _____ C:\Users\Reinicke\Downloads\1223481(1).zip
2014-01-16 11:05 - 2014-01-16 11:06 - 08484100 _____ C:\Users\Reinicke\Downloads\1217103(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 07009213 _____ C:\Users\Reinicke\Downloads\1216206(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 06358058 _____ C:\Users\Reinicke\Downloads\1215805(1).zip
2014-01-15 09:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-01-15 09:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-01-15 09:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-10 19:21 - 2014-01-10 19:26 - 263583224 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-5005-HOTFIX4-WIN64.exe
2014-01-10 19:09 - 2014-01-10 19:09 - 00001276 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2014-01-10 19:09 - 2014-01-10 19:09 - 00001101 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2014-01-10 19:07 - 2014-01-11 10:04 - 00000000 ____D C:\Program Files (x86)\ArchiCAD17
2014-01-10 18:48 - 2014-01-10 19:04 - 889819512 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-GER64(2).exe
2014-01-05 10:12 - 2014-01-05 10:12 - 00002320 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-01-05 10:11 - 2014-01-05 10:11 - 00000000 ____D C:\Users\Reinicke\Documents\My Games
2014-01-05 10:09 - 2014-01-05 10:10 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Reinicke\Downloads\ffxivsetup.exe
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\System32\ljkb
2013-12-20 22:28 - 2013-12-20 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 16:19 - 2014-01-17 14:49 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-17 16:19 - 2013-11-24 22:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 16:19 - 2013-07-11 08:38 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-01-17 16:19 - 2013-02-07 19:13 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-17 16:19 - 2013-02-07 18:59 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-17 16:19 - 2010-11-21 04:47 - 00397928 _____ C:\Windows\PFRO.log
2014-01-17 16:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 16:19 - 2009-07-14 05:51 - 00075359 _____ C:\Windows\setupact.log
2014-01-17 14:39 - 2013-02-08 18:51 - 01998361 _____ C:\Windows\WindowsUpdate.log
2014-01-17 14:36 - 2014-01-17 14:36 - 00000000 ____D C:\FRST
2014-01-17 14:35 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\System32\perfh007.dat
2014-01-17 14:35 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\System32\perfc007.dat
2014-01-17 14:35 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-17 14:28 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:28 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:13 - 2013-11-24 22:03 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 14:00 - 2013-02-12 17:11 - 00000000 ____D C:\Users\Reinicke\AppData\Local\Deployment
2014-01-17 13:46 - 2013-02-11 19:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-16 16:16 - 2013-02-07 18:59 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-01-16 11:15 - 2014-01-16 11:15 - 07115203 _____ C:\Users\Reinicke\Downloads\1219090(1).zip
2014-01-16 11:15 - 2014-01-16 11:15 - 05412422 _____ C:\Users\Reinicke\Downloads\1180690.zip
2014-01-16 11:06 - 2014-01-16 11:05 - 10678963 _____ C:\Users\Reinicke\Downloads\1223481(1).zip
2014-01-16 11:06 - 2014-01-16 11:05 - 08484100 _____ C:\Users\Reinicke\Downloads\1217103(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 07009213 _____ C:\Users\Reinicke\Downloads\1216206(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 06358058 _____ C:\Users\Reinicke\Downloads\1215805(1).zip
2014-01-15 18:13 - 2009-07-14 05:45 - 00294880 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-15 13:13 - 2013-08-14 10:37 - 00000000 ____D C:\Windows\System32\MRT
2014-01-15 13:12 - 2013-02-14 05:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-15 12:33 - 2013-03-22 00:21 - 00000000 ____D C:\Users\Reinicke\AppData\Local\CrashDumps
2014-01-15 10:35 - 2013-09-23 20:55 - 00000000 ____D C:\Users\Reinicke\Documents\BIMx
2014-01-15 10:35 - 2013-09-23 20:54 - 00000000 ____D C:\Users\Reinicke\Graphisoft
2014-01-11 10:04 - 2014-01-10 19:07 - 00000000 ____D C:\Program Files (x86)\ArchiCAD17
2014-01-10 19:27 - 2013-09-23 20:49 - 00007435 _____ C:\Windows\vpd.properties
2014-01-10 19:26 - 2014-01-10 19:21 - 263583224 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-5005-HOTFIX4-WIN64.exe
2014-01-10 19:26 - 2013-09-23 20:44 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\Install.GS
2014-01-10 19:21 - 2013-09-23 20:54 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\Graphisoft
2014-01-10 19:09 - 2014-01-10 19:09 - 00001276 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2014-01-10 19:09 - 2014-01-10 19:09 - 00001101 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2014-01-10 19:09 - 2013-09-23 20:44 - 00000000 ____D C:\Program Files (x86)\ArchiCAD
2014-01-10 19:04 - 2014-01-10 18:48 - 889819512 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-GER64(2).exe
2014-01-05 18:21 - 2013-02-12 16:21 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\TS3Client
2014-01-05 10:12 - 2014-01-05 10:12 - 00002320 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-01-05 10:12 - 2013-02-11 19:20 - 00000000 ____D C:\Spiele
2014-01-05 10:12 - 2013-02-07 18:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-05 10:11 - 2014-01-05 10:11 - 00000000 ____D C:\Users\Reinicke\Documents\My Games
2014-01-05 10:10 - 2014-01-05 10:09 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Reinicke\Downloads\ffxivsetup.exe
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\System32\ljkb
2014-01-04 10:19 - 2013-05-09 11:35 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2014-01-04 10:19 - 2013-05-09 11:35 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2014-01-03 10:17 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-29 11:12 - 2013-05-09 11:35 - 01833776 _____ C:\Windows\System32\dmwu.exe
2013-12-29 11:08 - 2013-05-09 11:35 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-12-27 22:48 - 2013-02-11 19:36 - 00000000 ____D C:\Users\Reinicke\Documents\Musik
2013-12-26 18:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-25 09:03 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-12-25 09:03 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2013-12-21 21:46 - 2013-02-11 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 22:28 - 2013-12-20 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 19:32 - 2013-05-07 09:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-18 19:32 - 2013-03-28 19:30 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-18 19:32 - 2013-03-28 19:30 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

Some content of TEMP:

==================== Known DLLs (All) =========================

[2009-07-14 01:00] - [2009-07-14 02:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-14 00:44] - [2009-07-14 02:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2010-11-21 04:23] - [2010-11-21 04:23] - 2086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 1414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2013-10-09 18:18] - [2013-08-29 03:13] - 0878080 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2013-10-09 18:18] - [2013-08-29 02:48] - 0640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0594432 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2010-11-21 04:23] - [2010-11-21 04:23] - 0485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2013-11-14 19:40] - [2013-10-03 03:23] - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2013-11-14 19:40] - [2013-10-03 03:00] - 0311808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2013-12-11 00:18] - [2013-11-26 10:41] - 2764288 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2013-12-11 00:18] - [2013-11-26 09:38] - 2166784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2013-12-10 22:26] - [2013-10-19 03:18] - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2013-12-10 22:26] - [2013-10-19 02:36] - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-07-14 00:38] - [2009-07-14 02:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2013-09-12 10:17] - [2013-08-02 03:13] - 1161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2013-09-12 10:17] - [2013-08-02 02:50] - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2013-10-09 18:18] - [2013-06-06 06:50] - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2013-10-09 18:18] - [2013-06-06 05:57] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-07-14 00:40] - [2009-07-14 02:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-14 00:28] - [2009-07-14 02:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2013-02-11 19:08] - [2011-12-16 09:46] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2013-02-11 19:08] - [2011-12-16 08:52] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2009-07-14 00:26] - [2009-07-14 02:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-14 00:15] - [2009-07-14 02:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2009-07-14 00:21] - [2009-07-14 02:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-14 00:12] - [2009-07-14 02:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2013-02-11 19:08] - [2011-08-27 06:37] - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2013-02-11 19:08] - [2011-08-27 05:26] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OLEAUT32.dll
[2009-07-14 00:26] - [2009-07-14 02:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-14 00:15] - [2009-07-14 02:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2013-08-14 09:23] - [2013-07-09 06:51] - 1217024 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2013-08-14 09:23] - [2013-07-09 05:52] - 0663552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-07-14 00:20] - [2009-07-14 02:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-14 00:11] - [2009-07-14 02:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 1900544 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2010-11-21 04:23] - [2010-11-21 04:23] - 1667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2013-09-12 10:17] - [2013-07-26 03:24] - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2013-09-12 10:17] - [2013-07-26 02:55] - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHELL32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2010-11-21 04:23] - [2010-11-21 04:23] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2013-12-11 00:18] - [2013-11-26 07:40] - 1395200 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2013-12-11 00:18] - [2013-11-26 07:27] - 1157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\URLMON.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 1008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2013-02-11 19:16] - [2012-11-22 06:44] - 0800768 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2013-02-11 19:16] - [2012-11-22 05:45] - 0626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2013-12-11 00:18] - [2013-11-26 08:07] - 2334208 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2013-12-11 00:18] - [2013-11-26 07:33] - 1820160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WININET.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0312832 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WLDAP32.dll
[2010-11-21 04:24] - [2010-11-21 04:24] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2010-11-21 04:23] - [2010-11-21 04:23] - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll
[2009-07-14 00:27] - [2009-07-14 02:40] - 0504320 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll
[2009-07-14 00:16] - [2009-07-14 02:15] - 0315904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DifxApi.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-01-07 21:31:27
Restore point made on: 2014-01-15 09:58:00
Restore point made on: 2014-01-15 13:12:37
Restore point made on: 2014-01-17 14:05:01
Restore point made on: 2014-01-17 14:38:06

==================== Memory info =========================== 

Percentage of memory in use: 10%
Total physical RAM: 8076.88 MB
Available physical RAM: 7263.5 MB
Total Pagefile: 8075.08 MB
Available Pagefile: 7268.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:693.66 GB) NTFS
Drive e: (Sims3EP10) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF
Drive f: (FH DORTMUND) (Removable) (Total:3.8 GB) (Free:3.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 526C69FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

LastRegBack: 2014-01-15 10:14

==================== End Of Log ============================

/// the machine
/// TB instructor


Could it be that you are mixing this up? Your computer is not locked at all, only the browser; that is, only a new tab with this message was opened in the browser?


Yes, that's right. But if I don't pay amount X within 48, it will apparently be locked, if I understood that correctly. Isn't that the same thing mauli.mauli had?

19.01.2014, 09:36   #6
/// the machine
/// TB instructor


That is a browser tab. Simply kill the browser via Task Manager and restart it.

Run everything in normal mode:
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1

IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


